qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

manager: add the ability to manages the CA

Browse Source
This commit is contained in:
Aaron Bieber 2022-09-06 11:08:12 -06:00
parent ebf5e14051
commit a4a2d69b8a
No known key found for this signature in database
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
configs/manager.nix
View File

@ -1,5 +1,11 @@
{ config, lib, pkgs, ... }:
with lib; {
let
microcaBin = "${pkgs.microca}/bin/microca";
microca = pkgs.writeScriptBin "microca" ''
#!/usr/bin/env sh
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
'';
in with lib; {
options = {
nixManager = {
enable = mkEnableOption "Configure host as nix-conf manager.";
@ -18,6 +24,8 @@ with lib; {
sops.secrets = {
manager_key = { owner = config.nixManager.user; };
manager_pubkey = { owner = config.nixManager.user; };
ca_key = { owner = config.nixManager.user; };
ca_cert = { owner = config.nixManager.user; };
};
environment.systemPackages = with pkgs; [ microca ];
};